When there's a threat or breach, you'll be the first to know.
If you suspect your organization is a victim of a ransomware attack or know that you are, (perhaps you’ve already encountered a message from the cyber criminals), your first steps are:
The first of your many difficult decisions whether to pay the ransom or not. Knowing how to decide, act and move on is critical. You can read our ransomware negotiation guide to find out more.
Ransomware is a quick and easy path to revenue for criminals. Unfortunately, ransomware isn’t always the first play in a criminal’s playbook. They usually have been in your network for a while and deploy ransomware after they’ve accessed all your data.
Attackers leverage ransomware to get your attention and get you to act on a deadline. Have a backup? They’ve overcome it and still they’ll post your data for all to see if they don’t get their money. Sometimes they expose your data without a ransomware attack, but the sight of locked-up computers and zero business going on means you have to act - NOW!
They might just forgo the ransomware and go straight to extortion.
Ransomware attacks need to be assessed for legitimacy. It is also important to identify the threat actor and develop a negotiation and mitigation strategy based on the threat actor’s history.
Threat actors may seem like faceless criminals – but they are human beings that can be constructively engaged so ransomware victims can verify the claims of the threat actor and build the needed trust and rapport for a positive outcome.
Novices are always at a disadvantage in negotiations with experienced professionals, and since most companies do not have access to experienced ransomware negotiators, threat actors usually have a decided advantage. GroupSense levels the playing field with experienced negotiators who can effectively reduce ransom demands and manage the cryptocurrency transaction once the negotiation is complete.
There are a number of activities that need to happen post-transaction to reduce the potential damage of the attack, including monitoring the threat actor to prevent a repeat attack, obtain access to any stolen data, and communicate with all necessary parties about the attack, including insurance companies.
This is not a cyber security issue, it is a business issue. We know how to build your team because we’ve done it.
You need a team that has supported organizations facing their worst nightmares:
Everything you say or don’t say, the channels you use, and the timing and tone of your communications will all have a bearing on these proceedings. Structuring the deal, the money transfer, and the data recovery are critically important. Leverage the expertise of our ransomware negotiator to safely handle the attacker.
Enterprises need to take a more sophisticated approach to ransomware – most victims wind up suffering far more damage than is necessary, whether by overpaying threat actors, incurring brand damage and compliance violations from online data dumps or spending extended periods of time with no access to their critical data.